CVE-2021-41039 in Eclipse and Canonical Products
Published on December 1, 2021
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Weakness Type
Excessive Platform Resource Consumption within a Loop
The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
Products Associated with CVE-2021-41039
stack.watch emails you whenever new vulnerabilities are published in Eclipse Mosquitto or Canonical Ubuntu Linux.
Affected Versions
The Eclipse Foundation Eclipse Mosquitto:
- Version 1.6 and below unspecified is affected.
- Version unspecified, <= 2.0.11 is affected.
Exploit Probability
EPSS: 0.25%
Percentile: 47.95%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.